additional support of a security netfilter table for secmark/net forwarding (RH: merged to nf repo)

Namespacing of SELinux global functions and variables.

NFSv4 support (in progress)

Linux hv controls (in progress Tresys?)

Revoke memory-mapped file access upon policy change or setxattr.

Real device labeling and access control (i.e. bind a label to a device in the kernel irrespective of which device node is used to access it, so that a process that can create any device nodes at all can't effectively bypass all device access controls just by creating an arbitrary node to any device in a type accessible to it).

Full APIs for getting and setting security contexts of sockets and IPC objects. Ensure that socket context is kept consistent on socket inode and sock structures when changed.

Support for kernel namespaces: labeling and access controls on namespaces, per-namespace policy?

Similar support for chroots to support build systems?

Better controls for posix message queues (?)

move *mem permissions to new memprotect class. Bump policy version.

discovery of class and permission offsets (see note 3)

better support for FS whose labelling behaviour is not specified in policy. If nothing from policy just test for xattr support and use it if it is there.

Notes:

2 Allow SELinux to selectively grant capabilities authoritatively based on SELinux domain. Executables could be made privileged w/o needing to be setuid root, all via SELinux without needing yet another mechanism like file capabilities. Eliminate the need for filesystem capabilities support (which will be a nightmare to manage, as they are per-file bitmaps vs. per-type access vectors).

3 Make the hooks/avc layer request class/perm offsets from security server so that static offsets are no longer necessary and obsolete kernel classes can be purged.

Support for setting down unknown file contexts for package managers and filesystem restore (done: NSA, deferred mapping of contexts patch).

Finer-grained proc checking so that we don't require full ptrace permission just to read process state (done: NSA, split proc ptrace checking into read vs. attach).

Improve/fix ioctl checking (done: NSA, simplify ioctl checking).

1 Provide a static inline helper for all FMODE_READ/FMODE_WRITE checks that also includes the corresponding security_file_permission() call to help ensure that they always happen together in the future. Possibly even rolling up rw_verify_area() checking as well into it.